<?xml version="1.0" encoding="UTF-8"?>
<web-app
  version="3.0"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

  <display-name>Camunda Platform webapp</display-name>

  <!-- cockpit bootstrap listener -->
  <listener>
    <listener-class>org.camunda.bpm.cockpit.impl.web.bootstrap.CockpitContainerBootstrap</listener-class>
  </listener>

  <!-- admin bootstrap listener -->
  <listener>
    <listener-class>org.camunda.bpm.admin.impl.web.bootstrap.AdminContainerBootstrap</listener-class>
  </listener>

  <!-- tasklist bootstrap listener -->
  <listener>
    <listener-class>org.camunda.bpm.tasklist.impl.web.bootstrap.TasklistContainerBootstrap</listener-class>
  </listener>

  <!-- welcome bootstrap listener -->
  <listener>
    <listener-class>org.camunda.bpm.welcome.impl.web.bootstrap.WelcomeContainerBootstrap</listener-class>
  </listener>

  <!-- http session mutex listener -->
  <listener>
    <listener-class>org.camunda.bpm.webapp.impl.security.filter.util.HttpSessionMutexListener</listener-class>
  </listener>

  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>false</secure>
    </cookie-config>
  </session-config>

  <!-- Container Based Authentication filter -->
  <!-- <filter>
    <filter-name>Container Based Authentication Filter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter</filter-class>
    <init-param>
      <param-name>authentication-provider</param-name>
      <param-value>org.camunda.bpm.engine.rest.security.auth.impl.ContainerBasedAuthenticationProvider</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>Container Based Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping> -->

  <!-- Authentication filter -->
  <filter>
    <filter-name>Authentication Filter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.auth.AuthenticationFilter</filter-class>
    <!-- See https://docs.camunda.org/manual/latest/webapps/shared-options/authentication/#cache -->
    <init-param>
      <param-name>cacheTimeToLive</param-name>
      <param-value>300000</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <!-- Security filter -->
  <filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.filter.SecurityFilter</filter-class>
    <init-param>
      <param-name>configFile</param-name>
      <param-value>/WEB-INF/securityFilterRules.json</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <!-- CSRF Prevention filter -->
  <filter>
    <filter-name>CsrfPreventionFilter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.filter.CsrfPreventionFilter</filter-class>
    <!--<init-param>-->
    <!--<param-name>targetOrigin</param-name>-->
    <!--<param-value>http://localhost:8080</param-value>-->
    <!--</init-param>-->
  </filter>
  <filter-mapping>
    <filter-name>CsrfPreventionFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- HTTP Header Security Filter -->
  <filter>
    <filter-name>HttpHeaderSecurity</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.filter.headersec.HttpHeaderSecurityFilter</filter-class>

    <!--
    The Strict Transport Security header is disabled by default.
    You can enable it by uncommenting the configuration below.
    Read more about it in the documentation
    https://docs.camunda.org/manual/latest/webapps/shared-options/header-security/#strict-transport-security
    -->

    <!--
    <init-param>
      <param-name>hstsDisabled</param-name>
      <param-value>false</param-value>
    </init-param>
    -->
  </filter>

  <filter-mapping>
    <filter-name>HttpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <!-- engines filter -->
  <filter>
    <filter-name>Engines Filter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.engine.ProcessEnginesFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Engines Filter</filter-name>
    <url-pattern>/app/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <!-- Empty body filter -->
  <filter>
    <filter-name>EmptyBodyFilter</filter-name>
    <filter-class>org.camunda.bpm.engine.rest.filter.EmptyBodyFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>EmptyBodyFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>

  <!-- REST cache control filter -->
  <filter>
    <filter-name>CacheControlFilter</filter-name>
    <filter-class>org.camunda.bpm.engine.rest.filter.CacheControlFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CacheControlFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>

  <!-- cockpit rest api -->
  <servlet>
    <servlet-name>Cockpit Api</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
      <param-name>jakarta.ws.rs.Application</param-name>
      <param-value>org.camunda.bpm.cockpit.impl.web.CockpitApplication</param-value>
    </init-param>
    <init-param>
      <param-name>resteasy.servlet.mapping.prefix</param-name>
      <param-value>/api/cockpit</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Cockpit Api</servlet-name>
    <url-pattern>/api/cockpit/*</url-pattern>
  </servlet-mapping>

  <!-- admin rest api -->
  <servlet>
    <servlet-name>Admin Api</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
      <param-name>jakarta.ws.rs.Application</param-name>
      <param-value>org.camunda.bpm.admin.impl.web.AdminApplication</param-value>
    </init-param>
    <init-param>
      <param-name>resteasy.servlet.mapping.prefix</param-name>
      <param-value>/api/admin</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Admin Api</servlet-name>
    <url-pattern>/api/admin/*</url-pattern>
  </servlet-mapping>

  <!-- tasklist rest api -->
  <servlet>
    <servlet-name>Tasklist Api</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
      <param-name>jakarta.ws.rs.Application</param-name>
      <param-value>org.camunda.bpm.tasklist.impl.web.TasklistApplication</param-value>
    </init-param>
    <init-param>
      <param-name>resteasy.servlet.mapping.prefix</param-name>
      <param-value>/api/tasklist</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Tasklist Api</servlet-name>
    <url-pattern>/api/tasklist/*</url-pattern>
  </servlet-mapping>

  <!-- engine rest api (embedded) -->
  <servlet>
    <servlet-name>Engine Api</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
      <param-name>jakarta.ws.rs.Application</param-name>
      <param-value>org.camunda.bpm.webapp.impl.engine.EngineRestApplication</param-value>
    </init-param>
    <init-param>
      <param-name>resteasy.servlet.mapping.prefix</param-name>
      <param-value>/api/engine</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Engine Api</servlet-name>
    <url-pattern>/api/engine/*</url-pattern>
  </servlet-mapping>

  <!-- welcome rest api -->
  <servlet>
    <servlet-name>Welcome Api</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
      <param-name>jakarta.ws.rs.Application</param-name>
      <param-value>org.camunda.bpm.welcome.impl.web.WelcomeApplication</param-value>
    </init-param>
    <init-param>
      <param-name>resteasy.servlet.mapping.prefix</param-name>
      <param-value>/api/welcome</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Welcome Api</servlet-name>
    <url-pattern>/api/welcome/*</url-pattern>
  </servlet-mapping>

  <!-- default error page -->
  <error-page>
    <!-- Missing resource -->
    <error-code>404</error-code>
    <location>/error-404-page.html</location>
  </error-page>
  <error-page>
    <!-- Uncaught exception -->
    <error-code>500</error-code>
    <location>/error-500-page.html</location>
  </error-page>
</web-app>
